|Google Dork Description: filetype:php inurl:"viewfile" -"index.php" -"idfil||GHDB-ID: 289|
|Google Search: filetype:php inurl:"viewfile" -"index.php" -"idfil||EDB-ID: N/A|
Programmers do strange things sometimes and forget about security. This search is the perfect example. These php scripts are written for viewing files in the web directory (e.g. ww.XXX.com/viewfile.php?my_howto.txt --> will show you the my_howto.txt).An attacker can check for buggy php scripts wich allow you to view any file on the system (with webservers permissions). Try the good, old directory traversal trick: "../../../". You have to know the filename and location, but that's not a big problem (/etc/passwd anyone ?).